ASA 5505 ASDM Startup Wizard - does it work at all?

I got a Cisco ASA 5505 with Cisco Adaptive Security Appliance Software
Version 7.2(2). Normally I always configure my equipment through CLI,
but since it is my first ASA I thought I would give the advertised
Startup Wizard a try.

First thing I tried was setting the internal and external IP addresses.
Guess what: it didn't work! My settings had no effect at all. They were
completely and utterly ignored.
- Try 1: entered 192.168.14.1 as IP address for inside, fixed public
IP address for outside, proceeded to the DHCP page, tried to enter
a matching DHCP range - up pops the error message: "Your DHCP range
must fit within your internal address range 192.168.1.1-192.168.1.254".
Went back in the Wizard, and sure enough, the inside and outside
interfaces had reverted to 192.168.1.1 and DHCP, respectively.
- Try 2: entered 192.168.14.1 as IP address for inside, pushed "Finish"
immediately to force the change into the device. No joy, the thing
responded with a message: "no changes made".

Is it just me, or is this so-called Wizard really unable to make the most
elementary of configuration changes, namely setting the IP address of an
interface?

Oh yes, and then the final straw:

- Try 3: changed the IP address through the ASDM main page. This actually
succeeded - in locking me out of the device, because it changed the
interface address immediately, disconnecting me, but left the
"administrative access" setting at the old value 192.168.1.0/24 so I
couldn't get back in after changing my admin PC to the new IP range.
Had to get the old console cable out.


On Sep 17, 9:57 am, Tilman Schmidt <> wrote:
> I got a Cisco ASA 5505 with Cisco Adaptive Security Appliance Software
> Version 7.2(2). Normally I always configure my equipment through CLI,
> but since it is my first ASA I thought I would give the advertised
> Startup Wizard a try.
>
> First thing I tried was setting the internal and external IP addresses.
> Guess what: it didn't work! My settings had no effect at all. They were
> completely and utterly ignored.
> - Try 1: entered 192.168.14.1 as IP address for inside, fixed public
> IP address for outside, proceeded to the DHCP page, tried to enter
> a matching DHCP range - up pops the error message: "Your DHCP range
> must fit within your internal address range 192.168.1.1-192.168.1.254".
> Went back in the Wizard, and sure enough, the inside and outside
> interfaces had reverted to 192.168.1.1 and DHCP, respectively.
> - Try 2: entered 192.168.14.1 as IP address for inside, pushed "Finish"
> immediately to force the change into the device. No joy, the thing
> responded with a message: "no changes made".
>
> Is it just me, or is this so-called Wizard really unable to make the most
> elementary of configuration changes, namely setting the IP address of an
> interface?
>
> Oh yes, and then the final straw:
>
> - Try 3: changed the IP address through the ASDM main page. This actually
> succeeded - in locking me out of the device, because it changed the
> interface address immediately, disconnecting me, but left the
> "administrative access" setting at the old value 192.168.1.0/24 so I
> couldn't get back in after changing my admin PC to the new IP range.
> Had to get the old console cable out.
>
> Back to CLI. ASDM is too difficult for me.
>
> --
> Please excuse my bad English/German/French/Greek/Cantonese/Klingon/...

I can see you are totally frustrated. I can understand, as I have done
a few of these. First off, I would suggest that you go to vers 7.23
code. It fixes some minor issues. Do not use 8.02, as it has some bug
and it is too early to use. Also, are you using ASDM ver 6.02? That
vers can only be used with the 8.02 code. Please use the ASDM ver 5.23,
as it works with 7.2 code. That would be the first part I would look
at. Then we can see what and how you are doing it in the ASDM......


Pentreed@... wrote:
> On Sep 17, 9:57 am, Tilman Schmidt <> wrote:
>> I got a Cisco ASA 5505 with Cisco Adaptive Security Appliance Software
>> Version 7.2(2). [...] I thought I would give the advertised
>> Startup Wizard a try.
>>
>> First thing I tried was setting the internal and external IP addresses.
>> Guess what: it didn't work! My settings had no effect at all. [...]
>> Back to CLI. ASDM is too difficult for me.
> I can see you are totally frustrated. I can understand as I have done
> a few of these. First off I would suggest that you go to vers 7.23
> code. It fixes some minor issues, [...] Please use the ASDM ver 5.23
> as it works with 7.2 code. That would be the first part I would look
> at. Then we can see what and how you are doing it in the ASDM......

Thanks for your advice. I have upgraded to ASA 7.2.3 and ASDM 5.2.3
now. (Quite an exercise in itself when you cannot connect a PC to the
Pix and to the network at the same time because the Pix' IP address
doesn't fit and can't be changed.) This didn't solve the problem, but
at least it very clearly showed the nature of this ASDM bug.

This is what I do:
- Start ASDM Launcher, connect to 192.168.1.1, no username, no password.
- Select from the menu: Wizards - Startup Wizard
- On the first screen, select "Modify existing configuration"
- Follow the wizard through its fourteen steps, specifying
+ outside vlan2 with a fixed address within our public range
+ inside vlan1 with fixed address 192.168.14.1/24
+ dmz vlan3 (which I don't want or need, but ASDM insists I create),
deactivated and without an IP address
+ a static route, a single ssh management host, and the entire (new)
internal address range as ASDM management hosts
+ a DHCP address pool of 192.168.14.101-.120 to match the internal
interface

followed by an error message "ASDM is unable to contact the ASA" and
impossibility to reconnect under either old or new addresses. The only
way out is to pull the power plug - back to square one.

So what's happening is that the "wizard" makes the classic beginner's
mistake of trying to change the IP address while a DHCP pool is active
on the current one - and then blindly plods on in the face of the
resulting error messages, sending the new DHCP pool after it (which
now of course fails because the old IP address is still active) and
finally changing the http client range to the new address range even
though it hasn't been successfully set up, thereby locking me out.

I had the exact same issue you described trying to change the default network from 192.168.1.x to 10.10.10.x. I found that the wizard can do it, but it takes two passes.

On the first pass through the wizard, do not change any settings except: disable the DHCP server and BLANK the DHCP IP ranges.

On the second pass through the wizard, make all necessary changes to implement the new network (change the interface and the DHCP settings). As a safety measure, include both the new network and the default (192.168.1.0) with permission to use the ASDM\HTTP administration interface.
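
The two failure modes discussed in this thread (a DHCP pool that does not fit the interface subnet, and an ASDM `http` client range that no longer covers the admin PC) can be checked offline against a planned configuration before it is pushed. The following is an added example, not part of any post above and not Cisco code; the function names `parse` and `preflight` and the sample configuration text are constructed for illustration, using the addresses mentioned in the thread.

```python
import ipaddress
import re

def parse(config):
    """Collect interface subnets, DHCP pools and ASDM (http) client ranges."""
    nets, pools, http, nameif = {}, {}, {}, None
    for line in map(str.strip, config.splitlines()):
        if line.startswith("interface "):
            nameif = None                      # new interface block, name not yet known
        elif m := re.fullmatch(r"nameif (\S+)", line):
            nameif = m[1]
        elif (m := re.fullmatch(r"ip address (\d\S*) (\d\S*)", line)) and nameif:
            nets[nameif] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"dhcpd address (\S+)-(\S+) (\S+)", line):
            pools[m[3]] = (ipaddress.ip_address(m[1]), ipaddress.ip_address(m[2]))
        elif m := re.fullmatch(r"http (\d\S*) (\d\S*) (\S+)", line):
            http.setdefault(m[3], []).append(ipaddress.ip_network(f"{m[1]}/{m[2]}"))
    return nets, pools, http

def preflight(config, admin_ip, ifname="inside"):
    """Return the reasons this config would be rejected or lock out admin_ip."""
    nets, pools, http = parse(config)
    if ifname not in nets:
        return [f"no static address on {ifname}"]
    net, problems = nets[ifname].network, []
    if ifname in pools and not all(ip in net for ip in pools[ifname]):
        problems.append("DHCP pool {}-{} is outside {}".format(*pools[ifname], net))
    admin = ipaddress.ip_address(admin_ip)
    if admin not in net:
        problems.append(f"admin host {admin} is outside {net}")
    if not any(admin in allowed for allowed in http.get(ifname, [])):
        problems.append(f"no http entry on {ifname} permits {admin}")
    return problems

# Constructed sample: the state after "Try 3" (address changed, http range stale).
STALE = """\
interface Vlan1
 nameif inside
 ip address 192.168.14.1 255.255.255.0
http server enable
http 192.168.1.0 255.255.255.0 inside
dhcpd address 192.168.14.101-192.168.14.120 inside
"""
# Constructed sample: old and new ranges both permitted, as the last post suggests.
SAFE = STALE + "http 192.168.14.0 255.255.255.0 inside\n"
# Constructed sample: new pool sent while the interface still has the old address.
HALF = STALE.replace("192.168.14.1 255", "192.168.1.1 255")

for name, cfg in (("STALE", STALE), ("SAFE", SAFE), ("HALF", HALF)):
    print(name, preflight(cfg, "192.168.14.10"))
```

An empty list means the admin PC at the given address keeps ASDM access after the change and the DHCP pool matches the interface.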
